Wednesday, December 10, 2014

A mental health organization in Alaska must pay a $150,000 Department of Health and Human Services (HHS) fine for HIPAA breaches that affected 2,743 patients. In addition to the monetary fine HHS is requiring implementation of a corrective action plan and reporting to OCR on its compliance program.

This latest fine is indicative of continued enforcement by the Office of Civil Rights (OCR). To date they have levied $26 million in monetary settlements against 24 HIPAA-covered entities found to have violated privacy, security and breach notification rules.

"HIPAA security policies and procedures...were not followed by the organization's employees for a seven-year period, from 2005 to 2012." - Healthcare IT News